Example 1 with MonitorAuthorization
use of org.bimserver.webservices.authorization.MonitorAuthorization in project BIMserver by opensourceBIM.
the class LoginDatabaseAction method execute.
@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
BimDatabaseAction<User> action = new GetUserByUserNameDatabaseAction(getDatabaseSession(), getAccessMethod(), username);
User user = action.execute();
if (user != null) {
if (user.getPasswordHash() == null || user.getPasswordHash().length == 0) {
throw new UserException("Your email address has not been validated yet");
}
if (new Authenticator().validate(password, user.getPasswordHash(), user.getPasswordSalt())) {
if (user.getState() == ObjectState.DELETED) {
throw new UserException("User account has been deleted");
} else if (user.getUserType() == UserType.SYSTEM) {
throw new UserException("System user cannot login");
}
Authorization authorization = null;
int sessionTimeOutSeconds = 60 * 10;
boolean migrationRequired = bimServer.getDatabase().getMigrator().migrationRequired();
if (!migrationRequired) {
sessionTimeOutSeconds = bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds();
}
if (user.getUserType() == UserType.ADMIN) {
authorization = new AdminAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
} else if (user.getUserType() == UserType.MONITOR) {
authorization = new MonitorAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
} else {
authorization = new UserAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
}
authorization.setUoid(user.getOid());
authorization.setUsername(user.getUsername());
String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
serviceMap.setAuthorization(authorization);
bimServer.getAuthCache().store(asHexToken, authorization);
if (!migrationRequired && bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
user.setLastSeen(new Date());
getDatabaseSession().store(user);
}
return asHexToken;
}
}
try {
// Adding a random sleep to prevent timing attacks
Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
} catch (InterruptedException e) {
LOGGER.error("", e);
}
throw new UserException("Invalid username/password combination");
}
Also used :
User(org.bimserver.models.store.User)
UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization)
MonitorAuthorization(org.bimserver.webservices.authorization.MonitorAuthorization)
Date(java.util.Date)
UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization)
AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)
Authorization(org.bimserver.webservices.authorization.Authorization)
MonitorAuthorization(org.bimserver.webservices.authorization.MonitorAuthorization)
UserException(org.bimserver.shared.exceptions.UserException)
Authenticator(org.bimserver.Authenticator)
AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)
Aggregations
Date (java.util.Date)1
Authenticator (org.bimserver.Authenticator)1
User (org.bimserver.models.store.User)1
UserException (org.bimserver.shared.exceptions.UserException)1
AdminAuthorization (org.bimserver.webservices.authorization.AdminAuthorization)1
Authorization (org.bimserver.webservices.authorization.Authorization)1
MonitorAuthorization (org.bimserver.webservices.authorization.MonitorAuthorization)1
UserAuthorization (org.bimserver.webservices.authorization.UserAuthorization)1
